aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLuca Barbato <lu_zero@gentoo.org>2012-06-28 20:55:04 +0200
committerLuca Barbato <lu_zero@gentoo.org>2012-07-03 15:35:51 +0200
commit906f9dce85eeb8c7f29ed2a37ec737a64c0275c6 (patch)
treeacfe0051bba879796ea357ff6409d78b9ba88eb5
parent33895451570742c47404fec52d87a5c71de26b83 (diff)
downloadffmpeg-906f9dce85eeb8c7f29ed2a37ec737a64c0275c6.tar.gz
avplay: fix write on freed memory for rawvideo
Do not assume avpacket and the decoded frames are independent. To be absolutely sure and not sprinkle av_free_packet around the code the call had been placed before getting the frame and on the error path.
-rw-r--r--avplay.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/avplay.c b/avplay.c
index 71844c274d..e05016964b 100644
--- a/avplay.c
+++ b/avplay.c
@@ -1597,6 +1597,7 @@ static int configure_video_filters(AVFilterGraph *graph, VideoState *is, const c
static int video_thread(void *arg)
{
+ AVPacket pkt = { 0 };
VideoState *is = arg;
AVFrame *frame = avcodec_alloc_frame();
int64_t pts_int;
@@ -1617,7 +1618,6 @@ static int video_thread(void *arg)
#endif
for (;;) {
- AVPacket pkt;
#if CONFIG_AVFILTER
AVFilterBufferRef *picref;
AVRational tb;
@@ -1625,10 +1625,11 @@ static int video_thread(void *arg)
while (is->paused && !is->videoq.abort_request)
SDL_Delay(10);
+ av_free_packet(&pkt);
+
ret = get_video_frame(is, frame, &pts_int, &pkt);
if (ret < 0)
goto the_end;
- av_free_packet(&pkt);
if (!ret)
continue;
@@ -1708,6 +1709,7 @@ static int video_thread(void *arg)
av_freep(&vfilters);
avfilter_graph_free(&graph);
#endif
+ av_free_packet(&pkt);
av_free(frame);
return 0;
}